General

  • Target

    994901bfc4a85b2721bc5b4ff2c05311231fe9f9e9489a99693d545da69c628d

  • Size

    700KB

  • Sample

    241109-y145ca1fpa

  • MD5

    b7bc8952a3c962eb53fd4a453da4d9d4

  • SHA1

    4245ecb09ade5b5b2afad87b9b5d7d314f55e0e8

  • SHA256

    994901bfc4a85b2721bc5b4ff2c05311231fe9f9e9489a99693d545da69c628d

  • SHA512

    5933c1defcfb72d3b641550ec21218c9833f3e314279f7f48eca3737068565369d4d5d12669f1dc2af7398f63b8eb4b7b2b307e4313606e63932bb5428f2a8fc

  • SSDEEP

    12288:Zy90gOABum7AWMFOiK9wFSr341k6ILZk5AGQ4HJcaapKMVdbd6AoblnCBYr/:Zy9LubWMIDmsroW6CZkpba8uxYVCs

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks